Implementing CA signed SSL certificates with vSphere 5.x – Part 6 – Horizon View


In a VMware Horizon for View environment (VMware’s VDI solution), View Connection servers are an important client facing component. A View Connection Server acts as a broker for client connections and for that reason VMware highly recommends that you replace the default SSL certificates which are generated during the installation of the Connection servers.

To help you with this job, VMware has a lot of useful documentation available, like:

For each View Connection server you should perform these basic tasks for setting up SSL Certificates:

  1. Generate a Certificate Signing Request
  2. Request a signed Certificate from a CA
  3. Import the signed Certificate
  4. Set up the imported Certificate for a View server
  5. Import Certificates on other View Servers

In the next sections I will show you the steps and some tips to step over some of the caveats.

Read the rest of this entry »

VCP6-DTM exam – Section 1


In my previous post I discussed the changes between the VCP6-DT exam and the new VCP6-DTM exam. So, it is not surprising that at this time, my focus is on VMware’s desktop and mobility solutions, in other words: Horizon 6, AirWatch etc.

To gain knowledge and experience, I tend to do the following:

  • Read books, whitepapers, blogs and documentation.
  • Watch and study Video trainings e.g. Pluralsight.
  • Build labs and practice a lot.
  • Work on real-world projects.
  • Work towards a certification

I strongly believe in the value of certifications, but in my opinion, one should only take an exam after a solid preparation.
VMware’s Exam Blueprints help you to determine which objectives are covered in an exam or not. Without these it would not always that clear and the number of VMware products is huge these days!

Exam Blueprints help me to review the objectives, so for me filling in the objectives makes sense and helps me in my preparations.

In 2012, I first published my study notes for the VCAP5-DCA exam (version VDCA510) as a series of blogpost. Last year I published an updated version for the VDCA550 exam.

Because converting a Word document to WordPress takes a considerable amount of time, from the VDCA550 exam, I published the various sections as downloadable documents.

In this post, you will find the first section of the new VCP6-DTM exam. I hope you will enjoy it. I welcome your comments.

Download new VCP6-DTM exam – Section 1




Some time ago I started my preparations for the VMware Certified Professional 6 – Desktop (VCP6-DT) certification. Last week I noticed that the VCP6-DT exam and certification will be retired as soon as November 30, 2015.

2015-08-24-01Figure 1

This year VMware started making major changes in their Certification Roadmap, like abandoning the Advanced Professional level and introducing the Implementation level. The number of new Version 6 exams is still growing. An overview of the available certifications can be found here.

For an overview of retired exams and certifications can be found here.

The VCP6-DT and the VCP5-DT certifications will be replaced by the new VCP6-DTM certification. The exam details and objectives can be found here.

Another difference between Version 5 and Version 6 certification; VMware does no longer publish a downloadable Exam Blueprint but only an online version. A “Last Updated” section has been added. I also hope version control will also be added in the future.

I have converted the exam topics, dated 27 July 2015 in a downloadable document. Links to the documentation have been added.

Read the rest of this entry »

You still got time


As you may have heard, on 30 June 2015, the last minute of the day 23:59 UTC will last 61 seconds instead of 60 seconds. The reason for this leap second is to sync time with the rotation of our Earth. The previous leap second was added in 2012, websites like LinkedIn, Mozilla and Reddit went down due to this leap second.

20150628_01Figure 1

Because a progressive number of computer systems rely on time synchronization, this means extra work for System Administrators (that will take much longer than 1 second). On the other hand there is also a lot of discussion; are leap seconds really useful in a world that relies on computer systems?

That brought me to the question; “Are VMware products affected and what can we do to prevent misery?”

Read the rest of this entry »

About update levels and build numbers (VMware)


You are working on a project, e.g. installing the latest VMware Horizon View on a vSphere 5.5 Platform. The VMware Product Interoperability Matrixes can help you determine which versions of ESXi are compatible with View.


This is not the best example, as this version of View runs on almost all version of ESXi, you might see the issue, as ESXi presents no update levels, just build numbers. So how do you match Update levels to Build numbers?

Read the rest of this entry »

Implementing CA signed SSL certificates with vSphere 5.x – Part 5– ESXi and Automation


In the previous posts, we discussed the need for certificates, how to obtain certificates, implementing certificates on a vCenter Server Appliance, vCenter Update Manager server and finally a vCenter Orchestrator Appliance. Although there are more vSphere components, we conclude with the implementation of certificates for ESXi hosts.

ESXi hosts

The configuration of CA certificates is explained in KB “Configuring CA signed certificates for ESXi 5.x hosts (2015499)”. Most important remark in this KB; “Each server must be unique to the component as it ties to the fully qualified domain name of the server. As such you cannot just take a single certificate and apply it to all hosts. Wildcard certificates are currently not supported, but even if they were, it is much more secure to have a proper certificate for each host.”

To create a certificate request for multiple ESXi servers, you can follow the procedure as describes in KB “Configuring OpenSSL for installation and configuration of CA signed certificates in the vSphere environment (2015387)”.

Read the rest of this entry »

Implementing CA signed SSL certificates with vSphere 5.x – Part 4 – VUM and vCO/vRO


In the previous post, we discussed the replacement of SSL certificates in the vCenter Server Appliance. Following our planning, next on the list is the vSphere Update Manager and the vCenter Orchestrator Appliance.

vSphere Update Manager

Our guide is “Configuring CA signed SSL certificates for vSphere Update Manager in vCenter Server 5.1 and 5.5 (2037581)”.

One important note from this KB: “You can replace only the SSL certificates that Update Manager uses for communication between the Update Manager server and client components.
You cannot replace the SSL certificates that Update Manager uses on port 9087 when importing offline bundles or upgrade release files.

KB 2037581 resumes at the point where we ended in Part 2, and created the required SSL certificates.


  • Assuming the VUM is a VM, create a snapshot before you start working.
  • If you haven’t already done this, import the root certificate Root64.cer into the “Trusted Root Certification Authorities” Windows certificate store. This ensures that the certificate server is trusted from now on.
    Figure 1
  • Backup the current certificates, location: C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL directory.
    Figure 2
  • Copy the new certificate files to this directory replacing the current ones. If you are following my blog posts, the certificates are located in C:\certs\UpdateManager.
  • Stop the vSphere Update Manager Service and the vSphere Update Manager UFA services from the services control manager.
  • Launch the exe application, located in C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
    While using the VCSA, the VUM is always separated, so use the IP address or hostname of the vCSA. Use the credentials Update Manager uses to connect to the VCSA.
    Figure 3
  • Click the SSL Certificate Link.
  • Select the Followed and verified the steps.
  • Click Apply.
    Figure 4
  • Click OK when prompted with message “Restart the VMware vSphere Update Manager service to apply the setting”.
  • Restart the vSphere Update Manager Service and the vSphere Update Manager UFA services.

Read the rest of this entry »


Get every new post delivered to your Inbox.

Join 422 other followers